Privacy Policy
Last updated: 16 June 2026
1. Data Controller
DistroDB ("we", "us", "our") is the data controller responsible for your personal data. We are established in the European Union and process personal data in accordance with Regulation (EU) 2016/679 (GDPR).
Contact: hello@distrodb.xyz
2. Data We Collect
We collect only the minimum data necessary to operate the service.
Contact form
When you submit the contact form we collect your name, email address, subject, and message. This data is forwarded to our inbox via Resend (see §5) and is not stored in any database by us.
Suggest a change form
When you suggest a correction for a distro page we collect the distro name, the field to change, your suggestion, and an optional email address if you choose to provide one. This data is forwarded to our inbox via Resend and is not stored in any database by us.
IP address (rate limiting)
To prevent abuse of our API endpoints we temporarily store your IP address in server memory. This data is never written to disk, never shared with third parties, and is automatically discarded within one hour.
Server / hosting logs
Our hosting provider automatically records standard HTTP request logs (IP address, URL path, browser type, timestamp) for operational and security purposes. We do not control the retention period of these logs; please refer to our hosting provider's privacy policy.
Analytics (Plausible)
We use Plausible Analytics to understand how visitors interact with the site in aggregate. Plausible is cookie-free and collects no personally identifiable information. The data recorded per page view includes: page URL, referrer, browser type, operating system, device type, and country (derived from the IP address, which is never stored or logged by Plausible). See §5 for details.
3. Legal Basis for Processing
- Contact & suggestion forms — Art. 6(1)(b) GDPR: processing is necessary to take steps at your request (responding to your inquiry or acting on your suggestion).
- IP address for rate limiting — Art. 6(1)(f) GDPR: our legitimate interest in protecting the service from abuse and ensuring availability for all users.
- Hosting logs — Art. 6(1)(f) GDPR: legitimate interest in maintaining service security and performance.
- Analytics (Plausible) — Art. 6(1)(f) GDPR: legitimate interest in understanding aggregate, anonymised usage patterns to improve the service. No personal data is processed; IP addresses are never stored.
4. Data Retention
- Contact & suggestion submissions — retained in our email inbox for as long as necessary to respond and act on your request, and no longer than 2 years from the date of receipt.
- IP address (rate limiting) — held in server memory for a maximum of 1 hour, then automatically discarded.
- Hosting logs — as determined by our hosting provider's policies.
- Analytics data (Plausible) — aggregate statistics are retained for the lifetime of the account. No individual-level data is stored; all records are anonymised at the point of collection.
5. Third-Party Processors
We use the following sub-processors. We do not sell your personal data to any third party, nor share it for advertising or marketing purposes.
Resend (email delivery)
Used to deliver contact and suggestion form submissions to our inbox. Data is transmitted over TLS. Resend is GDPR-compliant and processes data on infrastructure located in the EU/US with appropriate safeguards. See resend.com/legal/privacy-policy.
Hosting provider
DistroDB is hosted on Vercel. Vercel processes request data (including IP addresses) as part of providing hosting infrastructure. See vercel.com/legal/privacy-policy.
Plausible Analytics (privacy-friendly analytics)
We use Plausible Analytics to collect anonymised, aggregate usage statistics. Plausible does not use cookies, does not store IP addresses, and does not track visitors across websites. All data is processed in the EU. See plausible.io/privacy.
6. Cookies & Tracking
DistroDB does not use advertising or any third-party tracking cookies. We use Plausible Analytics, which is entirely cookie-free and does not place any cookies in your browser. The only data stored in your browser is:
- Theme preference — stored in localStorage to remember whether you prefer dark or light mode. This data never leaves your device.
- Cookie notice dismissal — stored in localStorage to avoid showing the notice again once you have acknowledged it. This data never leaves your device.
Our hosting provider (Vercel) may set strictly necessary technical cookies for routing or security purposes. These cookies do not track you across sites and do not require your consent under the ePrivacy Directive.
7. Your Rights Under GDPR
As a data subject you have the following rights:
- Access — request a copy of the personal data we hold about you.
- Rectification — request correction of inaccurate data.
- Erasure — request deletion of your data where there is no overriding legitimate reason to retain it.
- Restriction — request that we restrict processing of your data in certain circumstances.
- Portability — receive your data in a structured, machine-readable format.
- Objection — object to processing based on legitimate interests.
To exercise any of these rights, email us at hello@distrodb.xyz. We will respond within 30 days. You also have the right to lodge a complaint with your national data protection supervisory authority.
8. Changes to This Policy
We may update this policy from time to time. Material changes will be reflected by updating the "Last updated" date at the top of this page. Continued use of the site after changes constitutes acceptance of the updated policy.